fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Native integration with Microsoft Sentinel #18905

Open pintomi1989 opened 2 months ago

pintomi1989 commented 2 months ago

As a Fleet user, I would like to see a native integration between Fleet and Sentinel as a logging destination. A one pane of glass or easy in UI setup would be optimal.

noahtalerman commented 1 month ago

I wonder if we could set up Fleet => AWS Firehose => Microsoft Sentinel.

Hey @dherder have we set up something like this for any other customers?

If not, is it doable?

cc @pintomi1989

dherder commented 1 month ago

@noahtalerman I don't see why a standard data stream like Kinesis wouldn't be consumable by Sentinel. Maybe this: https://samilamppu.com/2022/01/17/microsoft-sentinel-how-to-leverage-built-in-amazon-web-services-s3-data-connector/ would help?

noahtalerman commented 1 month ago

FYI @pintomi1989 ^^

Sounds like we can use one of Fleet's log destinations to pipe data to Microsoft Sentinel.
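For reference, the Fleet side of the pipeline sketched in this thread (Fleet => AWS Firehose => S3 => Sentinel's AWS S3 data connector) is configured through Fleet's osquery log plugin settings. The fragment below is an added illustration, not configuration from this issue or from the Fleet project; the region, stream names and role ARN are placeholders. It assumes that two Firehose delivery streams already exist and write to an S3 bucket that the Sentinel S3 connector is reading from; creating those AWS and Sentinel resources is outside Fleet's config.

```yaml
# Fleet server configuration (excerpt). Added example with placeholder values;
# the Firehose streams and the Sentinel S3 connector are set up separately.
osquery:
  # Send osquery scheduled-query results and status logs to Firehose
  # instead of the default local filesystem plugin.
  result_log_plugin: firehose
  status_log_plugin: firehose

firehose:
  # Region where the delivery streams live (placeholder).
  region: us-east-1
  # Delivery stream names (placeholders). Each stream should be configured in
  # AWS to deliver into the S3 bucket that Sentinel's AWS S3 connector ingests.
  result_stream: fleet-osquery-results
  status_stream: fleet-osquery-status
  # Prefer an assumed role over static access keys on the Fleet server
  # (placeholder ARN). The role only needs PutRecord/PutRecordBatch on the
  # two streams above.
  sts_assume_role_arn: arn:aws:iam::123456789012:role/fleet-firehose-writer
```

Each key here also has an environment-variable form (for example `FLEET_OSQUERY_RESULT_LOG_PLUGIN` and `FLEET_FIREHOSE_RESULT_STREAM`), which is convenient in container deployments. Keeping result and status logs in separate streams lets the Sentinel side parse them with different schemas, and scoping the IAM role to write-only access on those streams limits what a compromised Fleet host could do with the credential.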